Nobody who watched the news coverage of the terrorist attacks in Paris could fail to be moved by the scenes and the stories emerging from it. It was undeniably a horrific series of events, and it’s only human nature to want action to be taken to reduce the likelihood of future such atrocities.
But there is always a danger at such times that emotion, rather than rational thought, will drive government policy-making. I won’t get into the broader theme there, as there are more appropriate forums for that, but there is one aspect that is very much on-topic for us: the battle between Apple and governments over encryption.
There have already been unattributed reports that the terrorists in Paris used encrypted communication. I have no idea whether there is any specific evidence for that, but it would hardly be damning were such evidence to emerge: it would be frankly astonishing if they hadn’t.
There are three reasons why Apple is right to maintain that it will continue to offer end-to-end encrypted communication no matter how much governments in the USA, UK and elsewhere may protest …
But let’s begin with a reminder of Apple’s position. Apple uses end-to-end encryption for both iMessages and FaceTime. As Tim Cook told Charlie Rose last year, this means that it would be impossible for it to decrypt the messages even if a government insisted.
We’re not reading your email, we’re not reading your iMessages. If the government laid a subpoena on us to get your iMessages, we can’t provide it. It’s encrypted and we don’t have the key.
The company also introduced strong encryption for iPhones and iPads in iOS 8 so that it would again be impossible for the company to break into the device locked with a passcode.
So Apple is going further here than most companies. It is not just saying it would push back against government pressure to reveal user data, it is saying that it has deliberately arranged things so that it is completely unable to do so.
That’s a strong position, and there’s some pretty heavy-duty opposition to it – including the United States Attorney General, the FBI, the DOJ and other law-enforcement agencies. Among the claims you’ll find in those links are that Apple is putting people beyond the law, risking the life of a child and that the iPhone would be the terrorists’ “communication device of choice.” Since the Paris attacks, the Homeland Security Committee and CIA have joined in.
So what are the three reasons that I still think Apple’s position is right?
First, there is nothing new about having to balance out the conflicting demands of freedom and security. Or, to use Benjamin Franklin’s terms, liberty and safety.
Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.
We live in a world where it would be technologically feasible to ensure that virtually no crime could go undetected. We could fit CCTV cameras on every street, in every home, in every building. We could all have trackers embedded beneath our skin. We could force everyone to provide both fingerprints and DNA samples to hold in a global database. We could make it illegal to fit curtains or blinds to windows. And so on.
We don’t do any of these things because we value freedom and privacy, and we consider that the risks involved are a price worth paying for the ability to live our lives free from tyranny and surveillance.
The Snowden revelations woke the world to the extent to which we’d already headed down this slippery slope, and the general view of the population has been that indiscriminate mass surveillance is a step too far. We take the view that wiretaps and other forms of electronic surveillance will of course be necessary to facilitate investigations by police and security services, but that such surveillance should be both targeted and subject to judicial oversight.
Second, Apple is absolutely right to say that the moment you build in a backdoor for use by governments, it will only be a matter of time before hackers figure it out.
You cannot have an encryption system which is only a little bit insecure any more than you can be a little bit pregnant. Encryption systems are either secure or they’re not – and if they’re not then it’s a question of when, rather than if, others are able to exploit the vulnerability.
Couple a deliberately weakened form of encryption to laws requiring Internet service providers and telecoms companies to stockpile large volumes of user data and you’d create the biggest goldmine the world has ever seen for criminals to commit identity theft and other forms of fraud. Not just private enterprise criminals, either, but rogue nations too.
Think how cautious we have to be today. We’ve all received convincing-looking phishing emails in amongst the laughable ones. Most of us these days, when we receive a phone call claiming to be from a bank, take their name, hang up and then call them back on the main switchboard number. Just imagine how much more paranoid we’d have to be if a fraudster could ‘prove’ that they are the claimed bank or other company by providing some transaction data.
A world in which all of our data is ‘protected’ by encryption systems with loopholes would be a nightmare.
Third, it won’t work. It’s technological illiteracy to imagine that breaking encrypted messages is any kind of solution.
Do governments seriously imagine that if we pass laws banning fully-encrypted communications that terrorists would suddenly abandon them and use the new, deliberately weakened versions? Or if doing so drew too much attention to them that they wouldn’t find other ways to hide their communications?
Steganography, for example. It’s technically trivial to embed hidden messages inside what appears to be a perfectly ordinary family photo in such a way that it’s almost impossible to detect. There are literally scores of apps to do that, and that’s just a single method. There are almost endless numbers of ways to disguise messages.
As Tim Cook has said:
We shouldn’t give in to scare-mongering or to people who fundamentally don’t understand the details.
So weakening encryption would mean sacrificing core principles of civilized societies in the name of security. It would provide not just our own government but foreign governments and criminals with access to our data. And it would do absolutely nothing to prevent terrorists from communicating in secret.
There is not one single reason for Apple to give in to government pressure to abandon its stance on customer privacy, and three very good reasons for it not to.
Do you agree? Or do you think that governments are right to insist that security must take precedence over privacy? Take our poll, and share your thoughts in the comments.